PHP-Code:
<?php
// Extend the tl_calendar_events data container: add a "featured" checkbox field,
// a "feature" list operation and a palette entry for the new field.
$GLOBALS['TL_DCA']['tl_calendar_events']['fields']['featured'] = [
	'label'     => &$GLOBALS['TL_LANG']['tl_calendar_events']['featured'],
	'exclude'   => true,
	'filter'    => true,
	'inputType' => 'checkbox',
	'eval'      => ['tl_class' => 'w50'],
	'sql'       => "char(1) NOT NULL default ''",
];

// List operation whose button is rendered by tl_calendar_events_um::iconFeatured()
$GLOBALS['TL_DCA']['tl_calendar_events']['list']['operations']['feature'] = [
	'label'           => &$GLOBALS['TL_LANG']['tl_calendar_events']['feature'],
	'icon'            => 'featured.svg',
	'attributes'      => 'onclick="Backend.getScrollOffset();return AjaxRequest.toggleFeatured(this,%s)"',
	'button_callback' => ['tl_calendar_events_um', 'iconFeatured'],
];

// Append the field to the default palette. If the searched fragment is not
// present in the palette, str_replace() leaves it unchanged and the field is not added.
$GLOBALS['TL_DCA']['tl_calendar_events']['palettes']['default'] = str_replace(
	'{expert_legend:hide},cssClass,noComments',
	'{expert_legend:hide},cssClass,noComments,featured',
	$GLOBALS['TL_DCA']['tl_calendar_events']['palettes']['default']
);
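/**
 * Back end helpers for the "featured" flag of tl_calendar_events.
 *
 * Provides the button callback for the "feature" list operation, the toggle
 * itself and the permission check that guards it.
 */
class tl_calendar_events_um extends tl_calendar_events {
	/**
	 * Return the "feature/unfeature element" button
	 *
	 * When the request carries a "fid" parameter the toggle is executed first and
	 * the user is redirected; otherwise the button markup is returned.
	 *
	 * @param array  $row        The current record (reads "id" and "featured")
	 * @param string $href       Base query string of the operation
	 * @param string $label      Button label, used for the icon
	 * @param string $title      Button title, escaped before output
	 * @param string $icon       Icon file name
	 * @param string $attributes Additional HTML attributes for the link
	 *
	 * @return string The link markup, or an empty string without permission
	 */
	public function iconFeatured($row, $href, $label, $title, $icon, $attributes)
	{
		if (strlen(Input::get('fid')))
		{
			// The data container is only available as an optional 13th argument.
			// Checking func_num_args() replaces the former "@func_get_arg(12)":
			// on PHP 8 an out-of-range position throws, which "@" does not silence.
			$dc = (func_num_args() > 12) ? func_get_arg(12) : null;

			// toggleFeatured() runs its own permission checks before writing.
			// NOTE(review): this is a state change triggered by a GET parameter;
			// confirm that the back end's request token check covers this URL.
			$this->toggleFeatured(Input::get('fid'), (Input::get('state') == 1), ($dc ?: null));
			$this->redirect($this->getReferer());
		}

		// Check permissions AFTER checking the fid, so hacking attempts are logged
		if (!$this->User->hasAccess('tl_calendar_events::featured', 'alexf'))
		{
			return '';
		}

		$href .= '&fid=' . $row['id'] . '&state=' . ($row['featured'] ? '' : 1);

		if (!$row['featured'])
		{
			$icon = 'featured_.svg';
		}

		return '<a href="' . $this->addToUrl($href) . '" title="' . StringUtil::specialchars($title) . '"' . $attributes . '>' . Image::getHtml($icon, $label, 'data-state="' . ($row['featured'] ? 1 : 0) . '"') . '</a> ';
	}

	/**
	 * Feature/unfeature an event
	 *
	 * @param integer       $intId      ID of the event (request-supplied when called from iconFeatured())
	 * @param boolean       $blnVisible True to feature, false to unfeature
	 * @param DataContainer $dc         Optional data container passed to array-style save callbacks
	 *
	 * @throws Contao\CoreBundle\Exception\AccessDeniedException
	 */
	public function toggleFeatured($intId, $blnVisible, DataContainer $dc=null)
	{
		// Check permissions to edit: checkPermission() reads "id" and "act" from
		// the request, so both are set explicitly before calling it.
		Input::setGet('id', $intId);
		Input::setGet('act', 'feature');
		$this->checkPermission();

		// Check permissions to feature
		if (!$this->User->hasAccess('tl_calendar_events::featured', 'alexf'))
		{
			throw new Contao\CoreBundle\Exception\AccessDeniedException('Not enough permissions to feature/unfeature event ID ' . $intId . '.');
		}

		$objVersions = new Versions('tl_calendar_events', $intId);
		$objVersions->initialize();

		// Trigger the save_callback. The field definition does not have to declare
		// one, so test for the key before is_array() to avoid an undefined-index error.
		if (isset($GLOBALS['TL_DCA']['tl_calendar_events']['fields']['featured']['save_callback'])
			&& is_array($GLOBALS['TL_DCA']['tl_calendar_events']['fields']['featured']['save_callback']))
		{
			foreach ($GLOBALS['TL_DCA']['tl_calendar_events']['fields']['featured']['save_callback'] as $callback)
			{
				if (is_array($callback))
				{
					$this->import($callback[0]);
					$blnVisible = $this->{$callback[0]}->{$callback[1]}($blnVisible, $dc);
				}
				elseif (is_callable($callback))
				{
					// Note: closures receive $this, array callbacks receive $dc
					$blnVisible = $callback($blnVisible, $this);
				}
			}
		}

		// Update the database. Only time() and a fixed '1'/'' are concatenated
		// into the statement; the request-supplied ID is bound as a parameter.
		$this->Database->prepare("UPDATE tl_calendar_events SET tstamp=" . time() . ", featured='" . ($blnVisible ? 1 : '') . "' WHERE id=?")
					   ->execute($intId);

		$objVersions->create();
	}

	/**
	 * Check permissions to edit table tl_calendar_events
	 *
	 * Admins pass unconditionally. For everyone else the calendar addressed by
	 * the request must be one of the calendars assigned to the user.
	 *
	 * NOTE(review): the in_array() calls below compare loosely, and the values on
	 * the left come from the request. On PHP versions before 8 a non-numeric
	 * string compares equal to 0, which is the placeholder root for users without
	 * calendars. Consider validating the IDs as integers and comparing strictly.
	 *
	 * @throws Contao\CoreBundle\Exception\AccessDeniedException
	 */
	public function checkPermission()
	{
		$bundles = System::getContainer()->getParameter('kernel.bundles');

		// HOOK: comments extension required
		if (!isset($bundles['ContaoCommentsBundle'])
			&& isset($GLOBALS['TL_DCA']['tl_calendar_events']['list']['sorting']['headerFields'])
			&& is_array($GLOBALS['TL_DCA']['tl_calendar_events']['list']['sorting']['headerFields']))
		{
			$key = array_search('allowComments', $GLOBALS['TL_DCA']['tl_calendar_events']['list']['sorting']['headerFields']);

			// array_search() returns false when the field is absent; as an array
			// key false is cast to 0, so an unguarded unset() would drop the
			// first header field instead.
			if ($key !== false)
			{
				unset($GLOBALS['TL_DCA']['tl_calendar_events']['list']['sorting']['headerFields'][$key]);
			}
		}

		if ($this->User->isAdmin)
		{
			return;
		}

		// Set root IDs
		if (empty($this->User->calendars) || !is_array($this->User->calendars))
		{
			$root = array(0);
		}
		else
		{
			$root = $this->User->calendars;
		}

		$id = strlen(Input::get('id')) ? Input::get('id') : CURRENT_ID;

		// Check current action
		switch (Input::get('act'))
		{
			case 'paste':
			case 'select':
				// Check CURRENT_ID here (see #247)
				if (!in_array(CURRENT_ID, $root))
				{
					throw new Contao\CoreBundle\Exception\AccessDeniedException('Not enough permissions to access calendar ID ' . $id . '.');
				}
				break;

			case 'create':
				if (!strlen(Input::get('pid')) || !in_array(Input::get('pid'), $root))
				{
					throw new Contao\CoreBundle\Exception\AccessDeniedException('Not enough permissions to create events in calendar ID ' . Input::get('pid') . '.');
				}
				break;

			case 'cut':
			case 'copy':
				// The target calendar must be allowed; the source event is checked below
				if (!in_array(Input::get('pid'), $root))
				{
					throw new Contao\CoreBundle\Exception\AccessDeniedException('Not enough permissions to ' . Input::get('act') . ' event ID ' . $id . ' to calendar ID ' . Input::get('pid') . '.');
				}
				// no break

			case 'edit':
			case 'show':
			case 'delete':
			case 'toggle':
			case 'feature':
				// Resolve the event's calendar from the database rather than from the request
				$objCalendar = $this->Database->prepare("SELECT pid FROM tl_calendar_events WHERE id=?")
											  ->limit(1)
											  ->execute($id);

				if ($objCalendar->numRows < 1)
				{
					throw new Contao\CoreBundle\Exception\AccessDeniedException('Invalid event ID ' . $id . '.');
				}

				if (!in_array($objCalendar->pid, $root))
				{
					throw new Contao\CoreBundle\Exception\AccessDeniedException('Not enough permissions to ' . Input::get('act') . ' event ID ' . $id . ' of calendar ID ' . $objCalendar->pid . '.');
				}
				break;

			case 'editAll':
			case 'deleteAll':
			case 'overrideAll':
			case 'cutAll':
			case 'copyAll':
				if (!in_array($id, $root))
				{
					throw new Contao\CoreBundle\Exception\AccessDeniedException('Not enough permissions to access calendar ID ' . $id . '.');
				}

				$objCalendar = $this->Database->prepare("SELECT id FROM tl_calendar_events WHERE pid=?")
											  ->execute($id);

				// Restrict the IDs stored in the session to events of this calendar

				/** @var Symfony\Component\HttpFoundation\Session\SessionInterface $objSession */
				$objSession = System::getContainer()->get('session');

				$session = $objSession->all();
				$session['CURRENT']['IDS'] = array_intersect((array) $session['CURRENT']['IDS'], $objCalendar->fetchEach('id'));
				$objSession->replace($session);
				break;

			default:
				// Any action not listed above is rejected
				if (strlen(Input::get('act')))
				{
					throw new Contao\CoreBundle\Exception\AccessDeniedException('Invalid command "' . Input::get('act') . '".');
				}

				if (!in_array($id, $root))
				{
					throw new Contao\CoreBundle\Exception\AccessDeniedException('Not enough permissions to access calendar ID ' . $id . '.');
				}
				break;
		}
	}
}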
LG derMatze